This vulnerability (CVE-2026-48874) is classified as CWE-89, indicating improper neutralization of special elements used in an SQL command, commonly known as SQL Injection. It affects GamiPress versions up to and including 7.8.7. The flaw exists in the Subscriber component, allowing an attacker with network access and low privileges to execute crafted SQL commands. The CVSS 3.1 base score is 8.5, reflecting high impact on confidentiality and availability, with no impact on integrity. The vulnerability is publicly known but no exploits in the wild have been reported. No vendor advisory or patch is currently available, and the product is not a cloud service, so remediation depends on vendor action or user mitigation.

Successful exploitation can lead to partial denial of service and disclosure of sensitive information due to SQL Injection. The attacker requires low privileges and no user interaction, increasing the risk. The confidentiality impact is high, availability impact is low, and integrity is not affected according to the CVSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is currently documented, users should monitor vendor communications for updates. Until a patch is available, restricting access to the affected functionality and applying web application firewall rules to detect and block SQL injection attempts may reduce risk.